
c# RSA PKCS#7签名的消息,怎么弄??试了好几种还是不行~~

悬赏园豆:30 [已关闭问题] 关闭于 2018-07-03 10:33

主要需求是把某银行的 Java 代码转换成 .NET,实现签名和验签。可是套用以前类似的银行签名验签代码后发现不好使,求教,贴代码。。

c#:

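/// <summary>
/// Creates an RSA PKCS#1 v1.5 signature over a precomputed hash and passes that signature to
/// <c>SignatureMessage</c>, whose Base64 PKCS#7 output is returned through
/// <paramref name="strEncryptedSignatureData"/>.
/// </summary>
/// <param name="strKeyPrivate">RSA private key in the XML form read by <c>FromXmlString</c>.</param>
/// <param name="strHashbyteSignature">Base64 text of the hash to sign; the formatter treats it as a SHA1 hash.</param>
/// <param name="strEncryptedSignatureData">Receives the Base64 text returned by <c>SignatureMessage</c>.</param>
/// <param name="certFileName">Path of the PFX file forwarded to <c>SignatureMessage</c>.</param>
/// <param name="password">Password of that PFX file.</param>
/// <returns>Always <c>true</c>; every failure surfaces as an exception.</returns>
public static bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData, string certFileName, string password)
{
    // No try/catch here: the earlier "catch (Exception ex) { throw ex; }" handled nothing and
    // only reset the stack trace, hiding where a signing failure actually happened.
    byte[] hashBytes = Convert.FromBase64String(strHashbyteSignature);
    byte[] rawSignature;

    // Dispose the provider so the imported private key is released as soon as signing is done.
    using (System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider())
    {
        rsa.FromXmlString(strKeyPrivate);
        System.Security.Cryptography.RSAPKCS1SignatureFormatter formatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(rsa);

        // SHA1 mirrors the SHA1withRSA named in the Java reference on this page. SHA-1 is no longer
        // collision resistant, so it is kept only for interoperability; prefer SHA-256 on both
        // sides if the counterparty accepts it.
        formatter.SetHashAlgorithm("SHA1");
        rawSignature = formatter.CreateSignature(hashBytes);
    }

    // NOTE(review): rawSignature is passed on as the *content* to be signed, so SignatureMessage
    // signs it again with the PFX key. The resulting PKCS#7 therefore carries a signature over
    // this signature, not over the original data, whereas the Java reference places the raw
    // signature directly into its SignerInfo. This mismatch is a likely reason a verifier built
    // for the Java output rejects this one; it cannot be fixed here because only the hash, not
    // the original data, reaches this method.
    strEncryptedSignatureData = SignatureMessage(certFileName, password, rawSignature);

    return true;
}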

 

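/// <summary>
/// Builds a detached PKCS#7/CMS SignedData over <paramref name="dataTobeSign"/> using the
/// certificate and private key loaded from a PFX file, and returns the encoding as Base64 text.
/// </summary>
/// <param name="certFileName">Path of the PFX file that is read from disk.</param>
/// <param name="password">Password protecting the PFX file.</param>
/// <param name="dataTobeSign">Content to sign; it is not embedded in the output (detached mode).</param>
/// <returns>Base64 text of the encoded SignedCms, without line breaks.</returns>
public static string SignatureMessage(string certFileName, string password, byte[] dataTobeSign)
{
    byte[] pfxCert = File.ReadAllBytes(certFileName);

    // The password arrives as an ordinary managed string, so copying it into a SecureString
    // added no protection; the string overload loads the same certificate.
    X509Certificate2 cert = new X509Certificate2(pfxCert, password);
    try
    {
        CmsSigner signer = new CmsSigner(cert);
        // OID 1.3.14.3.2.26 is SHA-1, kept to match the Java reference on this page; SHA-1 is
        // deprecated for signatures and should be replaced when the counterparty allows it.
        signer.DigestAlgorithm = new Oid("1.3.14.3.2.26", "sha1");
        // Ship only the signing certificate, not its chain.
        signer.IncludeOption = X509IncludeOption.EndCertOnly;

        // Second argument true = detached: the content is signed but left out of the message.
        // ComputeSignature always produces a fresh signature over dataTobeSign with the PFX key;
        // a signature passed in as dataTobeSign is treated as content, not placed in SignerInfo.
        SignedCms cms = new SignedCms(new ContentInfo(dataTobeSign), true);
        cms.ComputeSignature(signer);

        // Convert.ToBase64String replaces the hand-written ToBase64Transform loop, which handed
        // the whole remaining input to TransformBlock while supplying a single-block output
        // buffer and then decoded the ASCII result with the machine-dependent Encoding.Default.
        return System.Convert.ToBase64String(cms.Encode());
    }
    finally
    {
        // Release the certificate's resources even when signing throws.
        cert.Reset();
    }
}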

java:

/**
 * Signs the data and returns a PKCS#7 structure that does not contain the signed data
 * (detached mode). The JCA algorithm name is built as digest + "with" + crypt algorithm;
 * the original author's note gives it as SHA1withRSA, set up by initSignCertAndKey
 * (not shown on this page).
 *
 * @param originData the bytes to sign
 * @return Base64 text of the encoded PKCS#7 structure
 * @throws Exception if signing or PKCS#7 encoding fails
 */
public String pkcs7DetachSignData(byte[] originData) throws Exception {
    String algorithmName = this.getDigestAlg() + "with" + this.getCryptAlg();
    Signature signer = Signature.getInstance(algorithmName);
    signer.initSign(this.privateKey);
    signer.update(originData);
    byte[] rawSignature = signer.sign();

    // A null content argument selects the detached form; the raw signature computed above is
    // embedded as-is, so a verifier checks it directly against the original data.
    byte[] pkcs7 = this.createPkcs7((byte[]) null, rawSignature);
    return base64Encode(pkcs7);
}
/**
 * Assembles PKCS#7 SignedData around an already computed signature.
 *
 * NOTE(review): AlgorithmId, DerValue, PKCS7, SignerInfo and PKCS9Attributes look like the
 * JDK-internal sun.security.* classes (imports are not shown) - confirm before relying on
 * them across JDK versions.
 *
 * @param originData original data; when non-null it is embedded in the result (attached),
 *                   when null the result does not contain it (detached)
 * @param signedData the signature bytes stored in the SignerInfo
 * @return the encoded SignedData bytes
 * @throws Exception if building or encoding the structure fails
 */
protected byte[] createPkcs7(byte[] originData, byte[] signedData) throws Exception {
    AlgorithmId[] digestAlgorithmIds = { AlgorithmId.getAlgorithmId(this.getDigestAlg()) };

    // Detached: no content value. Attached: wrap the data with tag 4 (DER OCTET STRING).
    DerValue content = (originData == null) ? null : new DerValue((byte) 4, originData);
    ContentInfo contentInfo = new ContentInfo(ContentInfo.DATA_OID, content);

    X509Certificate[] certificates = { this.signCert };

    // Both attribute sets are null, so the SignerInfo carries no authenticated attributes and
    // signedData is stored as the signature without any further processing here.
    X500Name issuer = (X500Name) this.signCert.getIssuerDN();
    SignerInfo signerInfo = new SignerInfo(
            issuer,
            this.signCert.getSerialNumber(),
            AlgorithmId.getAlgorithmId(this.getDigestAlg()),
            (PKCS9Attributes) null,
            new AlgorithmId(AlgorithmId.RSAEncryption_oid),
            signedData,
            (PKCS9Attributes) null);
    SignerInfo[] signerInfos = { signerInfo };

    PKCS7 pkcs7 = new PKCS7(digestAlgorithmIds, contentInfo, certificates, signerInfos);
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    pkcs7.encodeSignedData(encoded);
    return encoded.toByteArray();
}

这么做发现还是不行~~~,求教

我参考的文案:https://stackoverflow.com/questions/41779669/create-a-pkcs7-signed-message-in-c-sharp-with-a-precomputed-signature

https://download.csdn.net/download/u011343167/10195670

EApple的主页 EApple | 初学一级 | 园豆:139
提问于:2018-06-20 17:36
所有回答(1)

我也遇到了 p7Sign P7签名看不懂,无法翻译成C#代码。

荆棘人 | 园豆:410 (菜鸟二级) | 2019-11-29 11:27